Terminate Process Task

After identifying a suspicious or malicious process running on an endpoint, you can terminate the process using context menus on the Trend Micro Vision One console.

Important:

Trend Micro recommends blocking the suspicious process using the User-Defined Suspicious Objects List before sending the Terminate command to prevent endpoints from restarting the terminated process.

For more information, see Add to Block List Task.

  1. After identifying the suspicious process, access the context or response menu and click Terminate.

    The Terminate Task screen appears.

  2. Confirm the targets of the response.
    Important:

    This task is only available for certain operating systems. You can only select endpoints running compatible operating systems.

  3. (Optional) Specify a Description for the response or event.
  4. Click Create.

    Trend Micro Vision One creates the task and displays the current command status on the Response Management app.

  5. Monitor the task status.
    1. Open the Response Management app.
    2. (Optional) Locate the task using the Search field or by selecting Terminate from the Action drop-down list.
    3. View the task status.
      • In progress... (): Trend Micro Vision One sent the command to the managing server and is waiting for a response

      • Queued (): The server queued the command due to a high volume of requests or because the Security Agent was offline

      • Successful (): The managing server successfully received the command

      • Unsuccessful (): An error or time-out occurred when attempting to send the command to the managing server

      Important:
      • The Task status indicates whether the managing server was able to successfully receive and execute the command. If the command target is a Security Agent, the Task status does not necessarily indicate whether the target Security Agent or object successfully executed the command.

      • To prevent endpoints from restarting terminated processes, block the object using the User-Defined Suspicious Objects List.

        For more information, see Add to Block List Task.